ci: add ci (#14)

.github/workflows/flake8.yaml

@@ -0,0 +1,46 @@
+name: Flake8
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+permissions:
+  # read on both needed for changes detection
+  pull-requests: read
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  flake8:
+    runs-on:
+      labels: [self-hosted, linux, x64]
+      group: light
+
+    steps:
+      - name: clone repo
+        uses: actions/checkout@v4
+
+      - uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          filters: |
+            src:
+              - 'src/**.py'
+        
+      - name: install flake8
+        if: steps.changes.outputs.src == 'true'
+        run: pip install flake8
+
+      - name: run flake8
+        if: steps.changes.outputs.src == 'true'
+        uses: rbialon/flake8-annotations@v1
+
+      - name: run flake8
+        if: steps.changes.outputs.src == 'true'
+        run: |
+          flake8 --max-complexity 10 --ignore E501 src

.github/workflows/on-pr-update.yaml

@@ -0,0 +1,76 @@
+name: PR Update
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+permissions:
+  # read on both needed for changes detection
+  pull-requests: read
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  changes:
+    # Detect which files have been changed on this PR's full history
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/changes-pr.yaml@v4.2.0
+    with:
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      filters: |
+        canary-container:
+          - './.github/workflows/on-pr-update.yaml'
+          - 'containers/controller/**'
+        canary-chart:
+          - './.github/workflows/on-pr-update.yaml'
+          - 'charts/canary/**'
+
+    secrets:
+      slack-token: ${{ secrets.SLACK_TOKEN }}
+
+  canary-container:
+    # Build the container and push it as :pr-42 and :pr-42-fe45b3h
+    needs: changes
+    if: fromJSON(needs.changes.outputs.changes).canary-container == 'true'
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-pr-update-container.yaml@v4.2.0
+    with:
+      job-name: canary-container
+      container-registry: ${{ vars.HARBOR_REGISTRY }}
+      container-registry-user: ${{ vars.HARBOR_USER }}
+      container-registry-project: ${{ vars.HARBOR_PROJECT }}
+      container-registry-repo: canary
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      build-command: |
+        docker build -t $IMAGE -f containers/canary/Dockerfile .
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      container-registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}
+
+  canary-chart:
+    # Build the chart and push it as :pr-42 and :pr-42-fe45b3h
+    needs: changes
+    if: fromJSON(needs.changes.outputs.changes).canary-chart == 'true'
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-pr-update-chart.yaml@v4.2.0
+    with:
+      job-name: chart
+      chart: charts/canary
+      chart-registry: ${{ vars.HARBOR_REGISTRY }}
+      chart-registry-user: ${{ vars.HARBOR_USER }}
+      chart-registry-project: ${{ vars.HARBOR_PROJECT }}
+      chart-registry-repo: canary
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      test-command: |
+        helm template $CHART --values charts/canary/values.yaml
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      chart-registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}

.github/workflows/on-release.yaml

@@ -0,0 +1,77 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  # read needed for changes detection
+  # write needed to author a Github release
+  contents: write
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  changes:
+    # Detect which files have been changed on this PR's full history
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/changes-release.yaml@v4.2.0
+    with:
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      filters: |
+        canary-container:
+          - './.github/workflows/on-release.yaml'
+          - 'containers/canary/**'
+        canary-chart:
+          - './.github/workflows/on-release.yaml'
+          - 'charts/canary/**'
+
+    secrets:
+      slack-token: ${{ secrets.SLACK_TOKEN }}
+
+  canary-container:
+    # Build the Airflow container with dags inside and push it as :rc-1.0.0
+    needs: changes
+    if: fromJSON(needs.changes.outputs.changes).canary-container == 'true'
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-release-container.yaml@v4.2.0
+    with:
+      job-name: canary-container
+      container-registry: ${{ vars.HARBOR_REGISTRY }}
+      container-registry-user: ${{ vars.HARBOR_USER }}
+      container-registry-project: ${{ vars.HARBOR_PROJECT }}
+      container-registry-repo: canary
+      release-tag-format: 'canary-container-${version}'
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      build-command: |
+        docker build -t $IMAGE -f containers/canary/Dockerfile .
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      container-registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}
+
+  canary-chart:
+    # Build the chart and push it as x.y.z-rc
+    needs: changes
+    if: fromJSON(needs.changes.outputs.changes).canary-chart == 'true'
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-release-chart.yaml@v4.2.0
+    with:
+      job-name: canary-chart
+      chart-registry: ${{ vars.HARBOR_REGISTRY }}
+      chart-registry-user: ${{ vars.HARBOR_USER }}
+      chart-registry-project: ${{ vars.HARBOR_PROJECT }}
+      chart-registry-repo: canary
+      release-tag-format: 'canary-chart-${version}'
+      slack-channel: ${{ vars.SLACK_CHANNEL }}
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
+      chart: charts/canary
+      test-command: |
+        helm template $CHART --values charts/canary/values.yaml
+    secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
+      chart-registry-token: ${{ secrets.HARBOR_TOKEN }}
+      slack-token: ${{ secrets.SLACK_TOKEN }}

charts/canary/.helmignore

@@ -0,0 +1,24 @@
+.idea
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line..
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/canary/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.0.0
+description: Canary HTTP Monitor
+name: canary
+type: application
+version: 1.0.0

charts/canary/templates/_helpers/common.tpl

@@ -0,0 +1,145 @@
+{{/*
+Define the image configs for containers
+EXAMPLE USAGE: {{ include "image" (dict "image" .Values.canary.image) }}
+*/}}
+{{- define "canary.image" }}
+image: {{ .image.repository }}:{{ .image.tag }}
+imagePullPolicy: {{ .image.pullPolicy }}
+securityContext:
+    runAsUser: {{ .image.uid }}
+    runAsGroup: {{ .image.gid }}
+{{- end }}
+
+{{/*
+Construct the base name for all resources in this chart.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "canary.fullname" -}}
+{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the `labels.app` for used by all resources in this chart.
+*/}}
+{{- define "canary.labels.app" -}}
+{{- printf "%s" .Chart.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct the `labels.chart` for used by all resources in this chart.
+*/}}
+{{- define "canary.labels.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Define the nodeSelector for canary pods
+EXAMPLE USAGE: {{ include "canary.nodeSelector" (dict "Release" .Release "Values" .Values "nodeSelector" $nodeSelector) }}
+*/}}
+{{- define "canary.podNodeSelector" }}
+{{- .nodeSelector | default .Values.canary.defaultNodeSelector | toYaml }}
+{{- end }}
+
+{{/*
+Define the Affinity for canary pods
+EXAMPLE USAGE: {{ include "canary.podAffinity" (dict "Release" .Release "Values" .Values "affinity" $affinity) }}
+*/}}
+{{- define "canary.podAffinity" }}
+{{- .affinity | default .Values.canary.defaultAffinity | toYaml }}
+{{- end }}
+
+{{/*
+Define the Tolerations for canary pods
+EXAMPLE USAGE: {{ include "canary.podTolerations" (dict "Release" .Release "Values" .Values "tolerations" $tolerations) }}
+*/}}
+{{- define "canary.podTolerations" }}
+{{- .tolerations | default .Values.canary.defaultTolerations | toYaml }}
+{{- end }}
+
+{{/*
+Define the PodSecurityContext for canary pods
+EXAMPLE USAGE: {{ include "canary.podSecurityContext" (dict "Release" .Release "Values" .Values "securityContext" $securityContext) }}
+*/}}
+{{- define "canary.podSecurityContext" }}
+{{- .securityContext | default .Values.canary.defaultSecurityContext | toYaml }}
+{{- end }}
+
+{{/*
+The list of `volumeMounts` for canary pods
+EXAMPLE USAGE: {{ include "canary.volumeMounts" (dict "Release" .Release "Values" .Values "extraVolumeMounts" $extraVolumeMounts) }}
+*/}}
+{{- define "canary.volumeMounts" }}
+{{- /* user-defined (global) */ -}}
+{{- if .Values.canary.extraVolumeMounts }}
+{{ toYaml .Values.canary.extraVolumeMounts }}
+{{- end }}
+
+{{- /* user-defined */ -}}
+{{- if .extraVolumeMounts }}
+{{ toYaml .extraVolumeMounts }}
+{{- end }}
+{{- end }}
+
+{{/*
+The list of `volumes` for canary pods
+EXAMPLE USAGE: {{ include "canary.volumes" (dict "Release" .Release "Values" .Values "extraVolumes" $extraVolumes) }}
+*/}}
+{{- define "canary.volumes" }}
+{{- /* user-defined (global) */ -}}
+{{- if .Values.canary.extraVolumes }}
+{{ toYaml .Values.canary.extraVolumes }}
+{{- end }}
+
+{{- /* user-defined */ -}}
+{{- if .extraVolumes }}
+{{ toYaml .extraVolumes }}
+{{- end }}
+{{- end }}
+
+{{/*
+The list of `env` vars for canary pods
+EXAMPLE USAGE: {{ include "canary.env" (dict "Release" .Release "Values" .Values "extraEnv" $extraEnv) }}
+*/}}
+{{- define "canary.env" }}
+{{- /* user-defined (global) */ -}}
+{{- if .Values.canary.extraEnv }}
+{{ toYaml .Values.canary.extraEnv }}
+{{- end }}
+
+{{- /* user-defined */ -}}
+{{- if .extraEnv }}
+{{ toYaml .extraEnv }}
+{{- end }}
+{{- end }}
+
+{{/*
+The list of `envFrom` vars for canary pods
+EXAMPLE USAGE: {{ include "canary.envFrom" (dict "Release" .Release "Values" .Values "extraEnvFrom" $extraEnvFrom) }}
+*/}}
+{{- define "canary.envFrom" }}
+{{- /* user-defined (global) */ -}}
+{{- if .Values.canary.extraEnvFrom }}
+{{ toYaml .Values.canary.extraEnvFrom }}
+{{- end }}
+
+{{- /* user-defined */ -}}
+{{- if .extraEnvFrom }}
+{{ toYaml .extraEnvFrom }}
+{{- end }}
+{{- end }}
+
+{{/*
+The list of `containers` vars for canary pods
+EXAMPLE USAGE: {{ include "canary.containers" (dict "Release" .Release "Values" .Values "extraContainers" $extraContainers) }}
+*/}}
+{{- define "canary.containers" }}
+{{- /* user-defined (global) */ -}}
+{{- if .Values.canary.extraContainers }}
+{{ toYaml .Values.canary.extraContainers }}
+{{- end }}
+
+{{- /* user-defined */ -}}
+{{- if .extraContainers }}
+{{ toYaml .extraContainers }}
+{{- end }}
+{{- end }}